See: https://www.virustotal.com/nl/url/e1aa88b8bb9ae4e684b78eb0068f3d3c95d6c82e473a1b843b73472c04711d1c/analysis/1386341685/
IDS alerts: http://urlquery.net/report.php?id=8203974 blocked by WOT web rep and listed here: http://investexpo.ru/ is in Dr.Web malicious sites list!
Malware from site now seems dead: http://support.clean-mx.de/clean-mx/viruses.php?sort=firstseen%20desc&review=82.98.86.172
Is this part of Mitglieder hell? → https://isc.sans.edu/forums/diary/Mitglieder+hell/722 link article author = William Salusky
Bitdefender alerts this parked domain, WOT frowns on it: https://www.mywot.com/en/scorecard/investexpo.ru?utm_source=addon&utm_content=popup-donuts
IP leads to http://sedoparking.com/?path=home Known as a bad webhost: http://www.projecthoneypot.org/ip_82.98.86.172
history: installs.in ns1.sedoparking dot com => 91.195.240.162
ns2.sedoparking dot com => 217.160.208.235
(AS12306) PLUSLINE
82.98.86.172 Trojan Zbot drop zone 2010-06-29
gradon dot info ns1.dnsexit dot com => 69.57.160.118
ns2.dnsexit dot com => 64.182.102.188
(AS12306) PLUSLINE
82.98.86.172 Trojan TDSS / Rogue Antivirus downloader 2010-04-26
Known spam source: http://knujon.com/ips/82.98.86.172.html
pol