Malware site and related sites...

Re: https://urlhaus.abuse.ch/url/209660/
Results from scanning URL: -http://79.137.123.208/bins/ppc
Number of sources found: 0
Number of sinks found: 0

Results from scanning URL: -https://ajax.aspnetcdn.com/ajax/bootstrap/3.3.4/bootstrap.min.js
Number of sources found: 13
Number of sinks found: 2

Results from scanning URL: -https://ajax.aspnetcdn.com/ajax/bootstrap/3.3.4/bootstrap.min.js
Number of sources found: 44
Number of sinks found: 2
/*!

Results from scanning URL: -https://i1.social.s-msft.com/Profile/Resources/Script/jquery.flot.min.js?cver=2018.11.26.1
Number of sources found: 0
Number of sinks found: 3

Results from scanning URL: -https://i2-msdn.sec.s-msft.com/Combined.js?resources=0:NewFooterSock,1:Footer;/Areas/Epx/Themes/Base/Content:0,/Areas/Centers/Themes/StandardDevCenter/Content:1&hashKey=EB5B0152122C286919648AB36220C327&v=B3C9588E497D8C1E7EBCEBE66E55A8CB
Number of sources found: 9
Number of sinks found: 8

10 engines detect: https://www.virustotal.com/gui/file/e6b61381d9e516615457e4cafbae7084ec98aeeb187260297454f5cc4cbef936/detection
ELF executale.

On IP: " nekos are cute" also found at https://malshare.com/index.phphttps://urlhaus.abuse.ch/url/209662/
See: https://malshare.com/search.php?query=http%3A%2F%2F79.137.123.208%2F
with various YARA-hits. → https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=NzkuMTM3LjEyMy4yMDhgYltuc2BwcF4%3D~enc
and
https://urlscan.io/result/06ddd2ba-958d-4ab0-bcfd-671dd6b2d56a
= https://www.virustotal.com/gui/file/e6b61381d9e516615457e4cafbae7084ec98aeeb187260297454f5cc4cbef936/details
vuln.: https://www.shodan.io/host/79.137.123.208
also see: https://censys.io/ipv4?q=http%3A%2F%2F79.137.123.208%2Fbins%2Fppc
also

443.https.get.body: , PPC
176.223.66.133 (-core1.spatiul.ro)
SPACE-AS (50939) Romania
110/pop3, 143/imap, 21/ftp, 443/https, 465/smtp, 53/dns, 587/smtp, 80/http, 993/imaps, 995/pop3s
Bloo Ink Publishing Limited – We publish your dream ! Bloo Ink Book Publisher in London -ppc-concept.co.uk, -cpanel.ppc-concept.co.uk, -ipv6.ppc-concept.co.uk
443.-https.get.body: ://ppc

Does avast detect this malcode?

polonus