by   May 16 2016   
Advertiser redirects to wibaecrisil.org from Weather Underground's Wondermap advertiser spot. It's not Wunderground.com but the advertiser, which can be seen when you mouse over. If you happen to see the advertisement, please send me a note; I would like to track the hacked or bad advertisement server.

wibaecrisil.org advertised on Weather Underground in ad space...

The ad launched a redirect on mouse over from the wondermap page. 

It was caught by MS Edge untrusted sites and malware site db. 

If MS found it, my guess is it's an old bad link.

I didn't get the advertisement that actually displayed, but I will start recording the time on WUnderground.com.

Remember, it is not WUnderground.com that is redirecting you. It's a bad advertiser and/or a hacked advertisement server.

The advertiser spot is not AdSense; it's another type.


 

The actual link is:  https://wibaecrisil.org/ 3191185501532/ 332b90e19cc5a6a3c8ef561a8f09097d . html

Do yourself a favor and DO NOT VISIT the link above unless you're like me and collect the viruses and delivery systems. 

Tech Tip: When starting out in virus tracking make sure you have a Windows XP or Windows 2000 or older OS computer with Tiny Personal Firewall running. Do not use any Antivirus at first. Be sure to allow the malware or virus to infect your system as it was designed. Allow the firewall to report to you all connection attempts and note them. 

Once your firewall has stopped reporting connection attempts reboot your computer and log any changes. 

By the way, you are not connected to your internal network, right? Be sure you are offline or on a dedicated connection so you don't mess up your good computers and network devices.

Once you have all the data about the outbound connections, remove your infected computer's hard drive and do your research.

Once you learn how viruses and malware are delivered, you can set up better defenses. It's those that don't practice that get infected.

I'll post up my findings once I finish cleaning my virus computer up from the last research round. 

I can't say it enough: you need to track connections, and unless your firewall has a detailed or debug-level logging server, you're best off using an old 32-bit Windows XP non-core processor with PF2.exe.

Later. 

 

Data below from www.DomainTools.Com  

Domain Info: http://whois.domaintools.com/wibaecrisil.org

Whois & Quick Stats
Email is associated with ~2 domains
Registrant Org: Tommy M. Thompson is associated with ~1 other domains
Dates: Created on 2016-05-15 - Expires on 2017-05-15 - Updated on 2016-05-15
Domain Status: Registered And No Website
Whois History: 1 record has been archived since 2016-05-15
Hosting History: 1 change on 2 unique name servers over 0 year
Whois Server: whois.pir.org

Website
Website Title: None given.

Whois Record ( last updated on 2016-05-16 )
Domain Name: WIBAECRISIL.ORG
Domain ID: D188662446-LROR
WHOIS Server:
Referral URL: http://www.PublicDomainRegistry.com
Updated Date: 2016-05-15T19:45:50Z
Creation Date: 2016-05-15T19:45:49Z
Registry Expiry Date: 2017-05-15T19:45:49Z
Sponsoring Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Sponsoring Registrar IANA ID: 303
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Domain Status: serverTransferProhibited https://www.icann.org/epp#serverTransferProhibited
Domain Status: addPeriod https://www.icann.org/epp#addPeriod
Registrant ID: DI_48587223
Registrant Name: Tommy M. Thompson
Registrant Organization: NA
Registrant Street: 2030 Wilson Avenue
Registrant City: Plano
Registrant State/Province: Texas
Registrant Postal Code: 75074
Registrant Country: US
Registrant Phone: +1.9724772477
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email:
Admin ID: DI_48587223
Admin Name: Tommy M. Thompson
Admin Organization: NA
Admin Street: 2030 Wilson Avenue
Admin City: Plano
Admin State/Province: Texas
Admin Postal Code: 75074
Admin Country: US
Admin Phone: +1.9724772477
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email:
Tech ID: DI_48587223
Tech Name: Tommy M. Thompson
Tech Organization: NA
Tech Street: 2030 Wilson Avenue
Tech City: Plano
Tech State/Province: Texas
Tech Postal Code: 75074
Tech Country: US
Tech Phone: +1.9724772477
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email:
Name Server: NS1.EUROPEDNS.NET
Name Server: NS2.EUROPEDNS.NET
DNSSEC: unsigned
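
The record above can be triaged mechanically for the registration signals a defender would check on a redirect target. This is an added example, not part of the original post: the function names, the 30-day threshold and the observation time (the post's date, noon UTC) are assumptions, and the sample text is a constructed subset of the fields shown above.

```python
from datetime import datetime, timezone

# Constructed sample: a subset of the WHOIS fields shown in the record above.
SAMPLE_WHOIS = """\
Domain Name: WIBAECRISIL.ORG
Updated Date: 2016-05-15T19:45:50Z
Creation Date: 2016-05-15T19:45:49Z
Registry Expiry Date: 2017-05-15T19:45:49Z
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Domain Status: addPeriod https://www.icann.org/epp#addPeriod
Name Server: NS1.EUROPEDNS.NET
DNSSEC: unsigned
"""

def parse_whois(text):
    """Parse 'Key: Value' lines into a dict of lists (keys such as Domain Status repeat)."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split at the first colon only
        if sep and key.strip():
            record.setdefault(key.strip(), []).append(value.strip())
    return record

def triage(text, seen_at, max_age_days=30):
    """Return (age_in_days or None, reasons) for a domain first observed at seen_at."""
    rec = parse_whois(text)
    created_raw = rec.get("Creation Date", [""])[0]
    if not created_raw:
        return None, ["no Creation Date in record"]
    created = datetime.strptime(created_raw, "%Y-%m-%dT%H:%M:%SZ")
    age_days = (seen_at - created.replace(tzinfo=timezone.utc)).days
    reasons = []
    if age_days < max_age_days:  # hypothetical threshold for "newly registered"
        reasons.append(f"registered {age_days} day(s) before it was seen")
    # The EPP status code is the first token; the rest of the line is its ICANN URL.
    statuses = [s.split()[0] for s in rec.get("Domain Status", []) if s]
    if "addPeriod" in statuses:
        reasons.append("still in the registry add grace period (addPeriod)")
    return age_days, reasons

if __name__ == "__main__":
    seen = datetime(2016, 5, 16, 12, 0, tzinfo=timezone.utc)  # assumed observation time
    age, why = triage(SAMPLE_WHOIS, seen)
    print("domain age in days:", age)
    for reason in why:
        print(" -", reason)
```

The same check can be run against the registration date of any domain that shows up in a firewall's outbound connection log.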
