Probably you did not see the IP relations report at VT.
The info for that particular domain is 3 years old, maybe, but in the meantime spamming from that IP under various Pharma-spam addresses has been going on: https://www.virustotal.com/gui/ip-address/159.148.186.238/relations
I’m not sure how IP Relations works in VT - however I reran the IP Address in VirusTotal. I got pulled away before I could post the updated information.
Whatever you mention there, it is a known fact that this IP source is spreading pharma-spam and performing brute force attacks.
No two ways about it, whatever new domains are being created for that specific reason,
residing on:
-159.148.186.238 (-159.148.186.128/25)
AS 200709 (SIA Bighost.lv)
LV
Through another search query result, the malware spreading from that particular IP is still alive and kicking,
be it that the malware spreading stays under 24 hrs or less for one particular domain:
15.67769
htxps://rechtsanwalt-chyla.de/wp-content/themes/twentyten/K_tripleback_celation.html
created 15 days ago / modified 15 days ago
Malware site - Hybrid-Analysis
contacted_host: 159.148.186.238 contacted_host.keyword: 159.148.186.238
11.441689
hxtp://dgd-pharma.com/chinchilla.html
created 14 days ago / modified 14 days ago
Malware site - Hybrid-Analysis
contacted_host: 159.148.186.238 contacted_host.keyword: 159.148.186.238
1
-159.148.186.238
created 15 days ago / modified 14 days ago
Mail Spammer - Barracuda Malware site - Hybrid-Analysis
1
-yourherbsvalue.eu
created 14 days ago / modified 14 days ago
Malware site - Hybrid-Analysis
and for one of these domains a further analysis report →
This website is insecure.
No 3rd party trackers on this site.
Since there are no third party dependencies preventing it, why don’t you ask snobword.com to adopt SSL?
No Privacy Practices found.
See for site issues: https://sitecheck.sucuri.net/results/www.snobword.com
Running Sitefinity 3.7.2136.240:1 Exploitable: Hospitality Exploit, vuln. to arbitrary file upload exploit,
because JavaScript code in an HTML file has the same origin as the application’s own code.
Upgrade and patch a.s.a.p. See further here: https://exploits.shodan.io/?q=Sitefinity
Open to doosatghack.