Fake ad server points to RIG EK fartemperedgraces.com RIG-EK.com. The fake ad server is located at 80.77.82.40 (wrapsing.gdn, GET /rotation/exoclick). Fake ad servers are located in Germany and Germany. The true infection chain for this run was circumvented, in that I know a couple of decoy sites being used by the HookAds malvertising campaign. The dummy site contains an iframe that redirects the host to the infrastructure.
Source: https://malwarebreakdown.wordpress.com/2017/03/02/rig-ek-at-92-53-105-43-drops-asn1-ransomware/