See: http://toolbar.netcraft.com/site_report?url=http://0182gc0o1280hg1fc279g2d71c9gf79cg791ogocg71gc738713192icgq2ug9i.vanstrij.nu
See: https://urlquery.net/report/748e16f2-9eb3-49da-8795-6c2014afabff
Self-signed certificate is installed with a local host root certificate for -d230.1eurohosting.nl for -b-smarthosting.net.
Placeholder for sub-domain: -https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=0182gc0o1280hg1fc279g2d71c9gf79cg791ogocg71gc738713192icgq2ug9i.vanstrij.nu%2F&ref_sel=GSP2&ua_sel=ff&fs=1
Hostname: -d263.webcreators.nl on a Let’s Encrypt certificate.
IP with low trusting sites, scam…Scam Adviser falls for the scam here: https://www.scamadviser.com/check-website/0182gc0o1280hg1fc279g2d71c9gf79cg791ogocg71gc738713192icgq2ug9i.vanstrij.nu
56% chance the compromise was performed from either Norway or Sweden.
See report: https://threatintelligenceplatform.com/report/0182gc0o1280hg1fc279g2d71c9gf79cg791ogocg71gc738713192icgq2ug9i.vanstrij.nu/DquEWge2QW
Configuration leak: MySQL (3306) 3306 Port open. Server response: GÿjHost ‘64.140.160.2’ is not allowed to connect to this MariaDB server, where MariaDB on CentOS 6/RHEL6 would still be exploitable to Remote Root Code Execution Vulnerability CVE-2016-6662!?!
polonus (volunteer website security analyst and website error-hunter)
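Added example, not part of the original post: the "GÿjHost …" server response quoted above is what a MySQL-protocol ERR packet looks like when its raw bytes are shown as text, and this Python sketch decodes such a packet. The packet bytes are constructed here from the quoted message (ASCII quotes and sequence id 0 are assumptions), and all function names are illustrative.

```python
import struct

# Constructed sample: an ERR packet rebuilt from the response text quoted in the post
# (ASCII quotes assumed; a renderer that drops control bytes would show it as "GÿjHost ...").
MESSAGE = b"Host '64.140.160.2' is not allowed to connect to this MariaDB server"

def build_err_packet(code: int, message: bytes, seq: int = 0) -> bytes:
    """Frame an ERR payload: 3-byte little-endian length, 1-byte sequence id, payload."""
    payload = b"\xff" + struct.pack("<H", code) + message
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

def parse_err_packet(data: bytes) -> dict:
    """Decode an ERR packet sent instead of the initial handshake."""
    if len(data) < 7:
        raise ValueError("shorter than packet header plus ERR header")
    length, seq = int.from_bytes(data[:3], "little"), data[3]
    payload = data[4:4 + length]
    if length < 3 or len(payload) != length:
        raise ValueError("bad or truncated payload length")
    if payload[0] != 0xFF:
        raise ValueError("not an ERR packet (first payload byte is not 0xff)")
    code = struct.unpack_from("<H", payload, 1)[0]
    message = payload[3:]
    sqlstate = None
    # ERR packets sent after capability negotiation carry '#' plus a 5-byte SQLSTATE.
    if message[:1] == b"#" and len(message) >= 6:
        sqlstate, message = message[1:6].decode("ascii"), message[6:]
    return {"length": length, "seq": seq, "code": code,
            "sqlstate": sqlstate, "message": message.decode("latin-1")}

def printable_residue(data: bytes) -> str:
    """What is left when the raw bytes are shown as Latin-1 with control bytes dropped."""
    return "".join(ch for ch in data.decode("latin-1") if ord(ch) >= 0x20)

if __name__ == "__main__":
    pkt = build_err_packet(1130, MESSAGE)  # 1130 = ER_HOST_NOT_PRIVILEGED
    print(parse_err_packet(pkt))
    print(printable_residue(pkt))
```

Error 1130 means the server accepted the TCP connection and rejected the client by its host-based access list, so port 3306 is reachable from outside and the reply discloses the database product. Restricting the port at the firewall or binding the server to a local address removes both exposures.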