AV detection works through other mechanisms, but something is wrong with the certificate. No SSL certifcate is found.
Strange where Symantec recently had certification CT problems, Thawte is part of that. So what went wrong here?

Comodo Site Inspector does not detect for now: https://app.webinspector.com/public/reports/74268097

And again the abuse is on a non-public net cloudservice, at Tencent Cloud Computing: http://toolbar.netcraft.com/site_report?url=moviessupper.men%2Fsupport.php%3Ff%3D1.dat 9 reds out of 10 Netcraft risk-grade.

Wrong nameserver configuration software version proliferation: 1.0.1104.00
with an arbitrairy file upload vulnerability, that is why we find (1.dat): https://www.virustotal.com/en/file/0a6c754a28566a1bb7158729279f1c178d27bebc026fc45e1c7f235aaadfb83d/analysis/1501842167/

Likewise scenario from malcreants:
https://www.slideshare.net/phdays/exploiting-redundancy-properties-of-malicious-infrastructure-for-incident-detection
Cat and mouseplay between av-detection and malcreants.

More on this DNSPOD abuse: http://www.malwareurl.com/ns_listing.php?as=AS12301

polonus (volunteer website security analyst and website error-hunter)

AV vendors could merely flag based on a certificate (hash) + timestamp software
and software could be easily be classified as malware (signature based).
Still somehow this does not seem to happen.

Or does this happen for the selection of threats that are being targeted?
No solution has them all, simply because there is no room aboard.

pol