A rogue ad from a rogue advertiser initiates a series of redirections to.eu sites and ultimately loads the Angler exploit kit. The bogus advertiser is using a combination of SSL encryption, IP blacklisting and. JavaScript obfuscation and only displays the malicious payload once per (genuine) victim. Malwarebytes Anti-Exploit users were protected against this attack (Flash CVE-2015-7645) which would have dropped Bedep and ad fraud, but possibly other payloads as well.”]

