Only one engine to flag Trickbot here?

Where it was initially reported: https://urlhaus.abuse.ch/url/999193/
See: https://www.virustotal.com/gui/url/c2db81500f2572429fbef199cce605ab693ad2110a855ab26ac961436e58d312/details
Re: https://www.virustotal.com/gui/ip-address/21
Leaseweb abuse: https://www.shodan.io/host/212.32.245.130

416 recommendations to improve website: https://webhint.io/scanner/62c18e6f-558b-4614-804d-f370c5df354b

Site blacklisted by McAfee: https://sitecheck.sucuri.net/results/parosdiving.com/catsdeal/color.php

Still given as clean by:

DShield CLEAN
AlienVault OTX CLEAN
Cisco Talos CLEAN
abuse.ch (Feodo) CLEAN
URLhaus CLEAN
Spamhaus (Drop / eDrop) CLEAN

polonus

Payload
https://www.virustotal.com/gui/file/b4cd69918527539eaaf280b72ffb2feb3378e8491655329a0f344958f87bad69/detection

Thanks Pondus for that elaboration. :wink:

More on this banking trojan: https://staging-blog.malwarebytes.com/detections/trojan-trickbot/

polonus