Just blacklisted, now parked, no actual malware?

[polonus]

Flagged: https://urlhaus.abuse.ch/url/108522/
Once active: Generic detection: https://www.virustotal.com/nl/file/03096a2e3cc5962980ba1adc36aa7a169972f90c89aa8df6a5e07129c431deca/analysis/1548254423/
8 to flag: https://www.virustotal.com/#/url/3f6b2f74ae8a1eab28549eff381e222b6f45285b090dab9ff616f58128a66652/detection
On domain (known infection source): https://www.virustotal.com/#/domain/www.biometricsystems.ru
Nothing: https://urlquery.net/report/6d936861-d386-4159-a3b4-e26fcacf6627
Cannot be found: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3LmJbXW17dH1bXnN5c3R7bXMufXVgfE18Wl1OYEJ7c3R7bGwje3R8W2xzYDIwMTktMDFg~enc
Site blacklisted and outdated PHP: https://sitecheck.sucuri.net/results/www.biometricsystems.ru/AMAZON/Bestelldetails/2019-01/
9 hints: https://webhint.io/scanner/a652ffec-6f3f-4470-94f2-a3d5a50abaa1
No vuln. -http://www.biometricsystems.ru/templates/ordasofttemplate-sectiontemplate/bootstrap/js/bootstrap.js
Number of sources found: 31 ; number of sinks found: 35

Code relation to -http://bigohosting.com/wp-content/plugins/leads-phantom-lc-unlimited/includes//phantom.min.js?ver=1.1.18
Cloudhosting delivering free webbuilder...

polonus (volunteer website security analyst and website error-hunter)

[Pondus]

It is alive and the fake .doc is a downloader and will download emotet banking trojan

Brand new >  First Submission   2019-01-23 17:05:06
https://www.virustotal.com/#/file/06fe66b8ee6de5224b638a4844b84c40bdba7752180213280a42536add933b8c/detection

[polonus]

Thanks, Pondus, for that verification.

polonus