See: https://www.virustotal.com/pl/file/34c0719de0c2a33e3a6f8bc3c2c401ac3238334b4b22a2789e6c1841b41f3d22/analysis/1553294416/
where detected: https://urlhaus.abuse.ch/url/164361/
See redirects to malware spreading campaign address:
https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=MTM0LjI0OS4xMTYuNzhgW24je3gucGhw~enc
Hostinger International Limited abuse.
Passed as OK: -http://sd5doozry8.com/ykwnsxwz29?key=9a98439e5dcdf4fd2a011f7cbc76b00d
Reputation Check
PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Compromised Hosts: OK
Dshield Blocklist: OK
Shadowserver C&C: OK
Web Server:
nginx/1.15.1
X-Powered-By:
None
IP Address:
198.134.112.241
Hosting Provider:
Webair Internet Development Company Inc.
Shared Hosting:
2295 sites found on 198.134.112.241
Externally linked host: -terraclicks.com Webair Internet Development Company Inc. United-States
Content after the < /html> tag should be considered suspicious. Fake netbot activity.
Redacted organisation info “for privacy”. Re: https://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fterraclicks.com%2F
= PUP.Optional.TerraClicks.ShrtCln. (monitors you as a tricky adware).
polonus (volunteer website security analyst and website error-hunter)