Quttera comes up with: "Quttera Labs - domain is Clean."
“The malware entry is cached and may not reflect the current status of the domain”.
Sucuri alerts: “Site Potentially Harmful.”
urlquery dot net scan has it alerted: https://urlquery.net/report.php?id=1452481027946
Suricata with Emerging Threats IDS alerts: “ET TROJAN Possible Compromised Host Sinkhole Cookie Value Snkz”.
I see a moved permanently from IP - Post infection traffic detection: Drive-By-Downloads. *
Seems it is also a PHISH!
- Re: https://otx.alienvault.com/indicator/ip/195.22.28.222/ & http://www.malware-traffic-analysis.net/2015/11/09/index.html
& https://www.threatcrowd.org/ip.php?ip=195.22.28.222
hxtp://sso.anbtr.com/domain/lb.mspc1-01.com redirects to hxtp://xsso.lb.mspc1-01.com/4edc8e17fe3253ae27c192208b097ae5
htxp://sso.anbtr.com/domain/lb.mspc1-01.com is in Dr.Web malicious sites list!
polonus