Why blacklisted, what malware?

Re: https://urlquery.net/report/27b9ca38-dcb8-4e94-b00e-42ed648bd079 (DNS related detection),
see: https://toolbar.netcraft.com/site_report?url=http://wrfjivmimqajugdqtul.com
Re: https://www.virustotal.com/#/url/9feec15ca62a24bd44a68fdb87956ce200812b5e75695029ce6923e8020278ec/detection
Nothing here: https://www.virustotal.com/#/file/ac5fd72a422a0bd1d5e16a8b2b52adfd95c3e4096c723a5491b885ebb6bb0693/detection
Consider: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d31malt2bVttcXxqdWcjcXR1bC5eXW1g~enc
Namecheap abuse…

polonus

The following one is a known address from a suspicious IP list - https://www.shodan.io/host/185.186.17.153
See:
PORT   STATE SERVICE VERSION
23/tcp open  telnet  Linux telnetd
80/tcp open  http    MikroTik router config httpd
| http-robots.txt: 1 disallowed entry
|_/
|_http-title: RouterOS router configuration page
Service Info: OSs: Linux, RouterOS; Device: router; CPE: cpe:/o:linux:linux_kernel, cpe:/o:mikrotik:routeros

Maybe abuse might be going on - connection insecure. Consider: found in 5 blacklists → https://apility.io/search/185.186.17.153
Forum spam forwarded from there. 185.186.17.153 reported as spam 11 times, discovered Jul 11, 2018, last activity Oct 21, 2018 03:58:19.
Listed here: http://free-proxy.pw/proxy?ProxySearch[scheme]=socks5&sort=-last_check_at&page=7&per-page=30

polonus