Blacklist Incident - Page on get.adobe.com embeds miuwer.wikusbotha.com

Summary

Correlation: Exact
Matched By: Url
Matched Lists: GSBMalware, RiskIQ
Score: 83
Description: RIG EK.1

Incident Details

Id: 74007052
Incident Date: 2014-09-01 06:03 PM PDT
Cause: iframe.src
Blacklist Resource IP: 191.101.13.140
Blacklist Resource AS: AS61440: Country: CL  Registry: lacnic
Digital Energy Technologies Chile SpA, C...
Phishing: false
Scam: false
Malware: true
Spam: false
Alexa Rank: 77

Matched Lists

GSB Malware Match: wikusbotha.com/
Match Type: Domain

ZList Details

ZList ID: 338704
URL: http://miuwer.wikusbotha.com/?PHPSSESID=njrMNruDMh7HApzBKv7cTKZNKU7YHVnYmMzMhe6JVg|YmNiNWExZTQ5NTk3MTUwZDRmYmIyYmU2ZDRmOTAwN2I
Match Type: Url
Description: RIG EK.1
Score: 75
First Detected At: 2014-09-01 18:03:37.0
First Found On Crawl: d29d4c20-ea62-49c5-8ddf-e16754cc454a
First Found On Page: ac815983-dcaf-40b1-ace1-fced19fcc463
First Found On Resource: 82d5f89c-ccac-44bb-8a37-6cdf93792a7a

Blacklist Resource Details

URL: http://miuwer.wikusbotha.com/?PHPSSESID=njrMNruDMh7HApzBKv7cTKZNKU7YHVnYmMzMhe6JVg|YmNiNWExZTQ5NTk3MTUwZDRmYmIyYmU2ZDRmOTAwN2I
Sequence: 6
Response Code: 200
Content Type: text/html
Referrer: http://clickated.com/view/yt7vhfibY4FkzybhDgjRMG6xMMd3HvvZnx25SCasQQk?c=1144&pid=13&tid=32370774471409619815
Cause: iframe.src
Location in Prior

Prior Page

Sequence in Crawl: 1
Guid: d0818feb-828f-45e3-8c09-bc05dbf5db97
URL: http://www.arkansaszombiechallenge.com/
IP Address: 66.96.132.103
Window Name: : TopLevelWindow@1701e012

Resulting Page

Sequence in Crawl: 2
Guid: ac815983-dcaf-40b1-ace1-fced19fcc463
URL: http://get.adobe.com/flashplayer/
IP Address: 192.150.16.58
Window Name: : TopLevelWindow@1701e012

Crawl Details

Crawl Guid: d29d4c20-ea62-49c5-8ddf-e16754cc454a
Crawl Date: 2014-09-01 06:03 PM PDT
Frontier URL: http://www.arkansaszombiechallenge.com/
Metro Code: High Bandwidth: US - CA
Crawled Pages: 4
Error Pages: 0

Source Search

No Source Search Result found.

Sequence Overview

Sequence URL Ad Network Cause Response Code Frame Window Parent Window Lost Referrer Referrer
1 http://5.39.67.191/promo.php?compte=0777906e802c40e25964660a... - topLevelRedirect 302 - - promo: TopLevelWindow@5b164937 true http://www.arkansaszombiechall...
2 http://www.adcash.com/script/packcpm.php?r=36910 - redirect 302 - - promo: TopLevelWindow@5b164937 -
3 http://www.adcash.com/script/pop_packcpm.php?k=540517672afbb... - redirect 200 true true promo: TopLevelWindow@5b164937 -
4 http://trackmgr.com/view/yt7vhfibY4FkzybhDgjRMG6xMMd3HvvZnx2... - location.refresh 301 - - promo: TopLevelWindow@5b164937 - http://www.adcash.com/script/p...
5 http://clickated.com/view/yt7vhfibY4FkzybhDgjRMG6xMMd3HvvZnx... - redirect 200 true true promo: TopLevelWindow@5b164937 - http://www.adcash.com/script/p...
6 http://miuwer.wikusbotha.com/?PHPSSESID=njrMNruDMh7HApzBKv7c... - iframe.src 200 true - : FrameWindow@69cc2555 - http://clickated.com/view/yt7v...

Sequence Details

Prior Page
http://www.arkansaszombiechallenge.com/
Window Name: : TopLevelWindow@1701e012
Link xpath: /*[name()='html']/body/div[2]/object/object/div/p/a
Click on Link:

1

http://5.39.67.191/promo.php?compte=0777906e802c40e25964660a54ba6163&path=014274&lg=en&pays=US&lg_nav=en&platform=windows&browser=internet%20explorer&version=8&idealsite=FCS
Referrer: http://www.arkansaszombiechallenge.com/
Cause: topLevelRedirect
Redirects To:

2

http://www.adcash.com/script/packcpm.php?r=36910
Referrer:
Cause: redirect
Path from prior: http://www.adcash.com/script/packcpm.php?r=36910
Redirects To:

3

http://www.adcash.com/script/pop_packcpm.php?k=540517672afbb1533381.2348449&h=62eed4c477ff4ae711e39f933b005abe46d49ad8&id=0&ban=1533381&r=36910&ref=&data=&subid=&new=1&exp=prpd&dx=%3D%3DgE
Referrer:
Cause: redirect
Path from prior: http://www.adcash.com/script/pop_packcpm.php?k=540517672afbb1533381.2348449&h=62eed4c477ff4ae711e39f933b005abe46d49ad8&id=0&ban=1533381&r=36910&ref=&data=&subid=&new=1&exp=prpd&dx=%3D%3DgE
Changes Window Location To:

4

http://trackmgr.com/view/yt7vhfibY4FkzybhDgjRMG6xMMd3HvvZnx25SCasQQk?c=1144&pid=13&tid=32370774471409619815
Referrer: http://www.adcash.com/script/pop_packcpm.php?k=540517672afbb1533381.2348449&h=62eed4c477ff4ae711e39f933b005abe46d49ad8&id=0&ban=1533381&r=36910&ref=&data=&subid=&new=1&exp=prpd&dx=%3D%3DgE
Cause: location.refresh
Path from prior: /html/body/script
Redirects To:

5

http://clickated.com/view/yt7vhfibY4FkzybhDgjRMG6xMMd3HvvZnx25SCasQQk?c=1144&pid=13&tid=32370774471409619815
Referrer: http://www.adcash.com/script/pop_packcpm.php?k=540517672afbb1533381.2348449&h=62eed4c477ff4ae711e39f933b005abe46d49ad8&id=0&ban=1533381&r=36910&ref=&data=&subid=&new=1&exp=prpd&dx=%3D%3DgE
Cause: redirect
Path from prior: http://clickated.com/view/yt7vhfibY4FkzybhDgjRMG6xMMd3HvvZnx25SCasQQk?c=1144&pid=13&tid=32370774471409619815
Contains Element:

6

http://miuwer.wikusbotha.com/?PHPSSESID=njrMNruDMh7HApzBKv7cTKZNKU7YHVnYmMzMhe6JVg|YmNiNWExZTQ5NTk3MTUwZDRmYmIyYmU2ZDRmOTAwN2I
Referrer: http://clickated.com/view/yt7vhfibY4FkzybhDgjRMG6xMMd3HvvZnx25SCasQQk?c=1144&pid=13&tid=32370774471409619815
Cause: iframe.src
Path from prior: /html/body/iframe/@src