4 engines detect this website laden with malware Heodo

[polonus]

Re: https://urlhaus.abuse.ch/url/237295/
Blacklisted (3): https://sitecheck.sucuri.net/results/pl.thevoucherstop.com/wp-admin/xdx66dy1/
Various instances give the site as clean, Google Safe Browse: OK ; Spamhaus Check: OK ;
Abuse CC: OK ; Dshield Blocklist: OK ; Cisco Talos Blacklist
4 engines will detect this URL: https://www.virustotal.com/gui/url/89400101bae600c6cb244737b68d01c938d51fc150793022c2339f994d3e56b3/detection
On IP see: https://www.shodan.io/host/173.198.199.5

Infesting with -/////MZ@   !
L!This program cannot be run in DOS mode. etc//////

polonus

[Pondus]

4 engines will detect this URL: https://www.virustotal.com/gui/url/89400101bae600c6cb244737b68d01c938d51fc150793022c2339f994d3e56b3/detection

wrong .... 7 engines   

[polonus]

Thanks Pondus, the more the better  (well actually 8 now as you count the engine, flagging it as suspicious);
the 4 that flagged it initially was at the time URLHaus member reported, then another three jumped the detection wagon.

Other domains on that IP:
-au.thevoucherstop.com
-be.thevoucherstop.com
-de.thevoucherstop.com
-es.thevoucherstop.com
-fr.thevoucherstop.com
-in.thevoucherstop.com
-it.thevoucherstop.com
-nl.thevoucherstop.com
-pl.thevoucherstop.com
-pt.thevoucherstop.com
-ro.thevoucherstop.com
-test.thevoucherstop.com
-thevoucherstop.com
-tr.thevoucherstop.com
-uk.thevoucherstop.com
-www.thevoucherstop.com

pol