Blacklist Incident - Page on www.infokomputer.com embeds 194.204.20.1

Summary

Correlation: Exact
Matched By: Host
Matched Lists: GSBMalware, RiskIQ
Score: 60
Description: riq.ti REDIR directs malvertised traffic to malware posing as Adobe Flash updates

Incident Details

Id: 97123928
Incident Date: 2015-02-06 01:05 PM PST
Incident Detected Date: 2015-02-07 01:08 PM PST
Cause: script.src
Blacklist Resource IP: 194.204.20.1
Blacklist Resource AS: AS2586: UNINET-AS Elisa Eesti AS, FI
Country: EE
Registry: ripencc
Phishing: false
Scam: false
Malware: true
Spam: false
Alexa Rank: 125083

Matched Lists

GSB Malware Match: 194.204.20.1/
Match Type: Host

ZList Details

ZList ID: 594210
URL: http://194.204.20.1/
Match Type: Host
Description: riq.ti REDIR directs malvertised traffic to malware posing as Adobe Flash updates
Score: 80
First Detected At: 2015-02-07 23:44:02.0

Blacklist Resource Details

URL: http://194.204.20.1/openx/www/images/js/banner.js
Sequence: 3
Response Code: 200
Content Type: application/x-javascript
Referrer: http://www.infokomputer.com/category/best-apps/windows-7/
Cause: script.src
Location in Prior

Prior Page

Sequence in Crawl: 1
Guid: 8460ed9a-1c2c-4008-bc7a-d80caab90774
URL: http://www.infokomputer.com/2015/02/berita/berita-reguler/iphone-6-dipasok-resmi-oleh-erajaya-group/
IP Address: 104.28.14.107
Window Name: : TopLevelWindow@b2876d4

Resulting Page

Sequence in Crawl: 7
Guid: d5a4987e-2b9b-4c19-9295-9926ef1a5071
URL: http://www.infokomputer.com/category/best-apps/windows-7/
IP Address: 104.28.15.107
Window Name: : TopLevelWindow@b2876d4

Crawl Details

Crawl Guid: 6c695a69-b1dd-4a69-840a-b3639d7ad1ac
Crawl Date: 2015-02-06 01:05 PM PST
Frontier URL: http://www.infokomputer.com/2015/02/berita/berita-reguler/iphone-6-dipasok-resmi-oleh-erajaya-group/
Metro Code: none
Crawled Pages: 10
Error Pages: 2

Source Search

ID Date Network Type Search Term Metro Pages Entries Crawl Search
373125054 2015-02-06 RiskIQ Blog moneypak iphone 1 1000 none View
Page 2 - Position 395
iPhone 6 Officially Supplied by Erajaya Group - InfoKomputer Online
iPhone 6 Officially Supplied by Erajaya Group After waiting far too long for its definite arrival, this Friday (6 Feb), the iPhone 6 and iPhone 6 Plus will be officially distributed by Erajaya Swasembada, which also distributes a variety of brands. Duet smartphone terpopuler da
http://www.infokomputer.com/2015/02/berita/berita-reguler/iphone-6-dipasok-resmi-oleh-erajaya-group/

Sequence Overview

Sequence URL Ad Network Cause Response Code Frame Window Parent Window Lost Referrer Referrer
1 http://www.infokomputer.com/category/best-apps/windows-7/ - parentPage 200 true true : TopLevelWindow@b2876d4 - http://www.infokomputer.com/20...
2 http://ads.pcplus.co.id/www/delivery/ajs.php?zoneid=10&t... - script.src 200 - - : TopLevelWindow@b2876d4 - http://www.infokomputer.com/ca...
3 http://194.204.20.1/openx/www/images/js/banner.js - script.src 200 - - : TopLevelWindow@b2876d4 - http://www.infokomputer.com/ca...

Sequence Details

Prior Page
http://www.infokomputer.com/2015/02/berita/berita-reguler/iphone-6-dipasok-resmi-oleh-erajaya-group/
Window Name: : TopLevelWindow@b2876d4
Link xpath: /html/body/div[1]/div/div[4]/div/div/div/div[1]/div[3]/div/ul/li[6]/ul/li[4]/a
Click on Link:

1

http://www.infokomputer.com/category/best-apps/windows-7/
Referrer: http://www.infokomputer.com/2015/02/berita/berita-reguler/iphone-6-dipasok-resmi-oleh-erajaya-group/
Cause: parentPage
Contains Element :

2

http://ads.pcplus.co.id/www/delivery/ajs.php?zoneid=10&target=_blank&block=1&cb=40536156341&loc=http%3A//www.infokomputer.com/category/best-apps/windows-7/&referer=http%3A//www.infokomputer.com/2015/02/berita/berita-reguler/iphone-6-dipasok-resmi-oleh-erajaya-group/
Referrer: http://www.infokomputer.com/category/best-apps/windows-7/
Cause: script.src Path from prior: /html/body/div[1]/div/div[3]/div/div/div[2]/div/script[2]/@src
Contains Source :

3

http://194.204.20.1/openx/www/images/js/banner.js
Referrer: http://www.infokomputer.com/category/best-apps/windows-7/
Cause: script.src Path from prior: /html/head/script[15]/@src