Blacklist Incident - Page on www.snopes.com embeds y292ty3l8l.oopbn.info

Summary

Correlation: Exact
Matched By: Url
Matched Lists: GSBMalware, RiskIQ
Score: 100
Description: Angler EK.1

Incident Details

Id: 77615036
Incident Date: 2014-10-04 08:06 PM PDT
Incident Detected Date: 2014-10-04 08:11 PM PDT
Cause: iframe.src
Blacklist Resource IP: 5.135.230.182
Blacklist Resource AS: AS16276 (OVH, FR), Country: FR, Registry: ripencc
Phishing: false
Scam: false
Malware: true
Spam: false
Alexa Rank: 2775

Matched Lists

GSB Malware Match: oopbn.info/
Match Type: Domain

ZList Details

ZList ID: 390014
URL: http://y292ty3l8l.oopbn.info/jece1gaim3
Match Type: Url
Description: Angler EK.1
Score: 75
First Detected At: 2014-10-04 20:09:49.0
First Found On Crawl: c6e54efe-4cd3-43c9-a4a4-d6948d898335
First Found On Page: 04c230b7-c9b4-429b-af59-c819fbafa535
First Found On Resource: cc8fc32b-2dfb-4c9c-b6cb-47a4e426853f

Blacklist Resource Details

URL: http://y292ty3l8l.oopbn.info/jece1gaim3
Sequence: 6
Response Code: 200
Content Type: text/html
Referrer: http://www.yehuam.com/dist/video.php?l=1
Cause: iframe.src
Location in Prior

Prior Page

Sequence in Crawl: 1
Guid: 13b970b7-4b58-4e01-ae5e-6dca7322d05b
URL: http://snopes.com/info/whatsnew.asp
IP Address: 66.165.133.65
Window Name: : TopLevelWindow@65fdca91

Resulting Page

Sequence in Crawl: 3
Guid: 04c230b7-c9b4-429b-af59-c819fbafa535
URL: http://www.snopes.com/inboxer/missing/tyrell.asp
IP Address: 66.165.133.65
Window Name: : TopLevelWindow@65fdca91

Crawl Details

Crawl Guid: c6e54efe-4cd3-43c9-a4a4-d6948d898335
Crawl Date: 2014-10-04 08:06 PM PDT
Frontier URL: http://snopes.com
Metro Code: none
Crawl Project: High Ranked Websites
Crawl Project ID: 389
Crawled Pages: 5
Error Pages: 0

Source Search

No Source Search Result found.

Sequence Overview

Sequence URL Ad Network Cause Response Code Frame Window Parent Window Lost Referrer Referrer
1 http://www.snopes.com/inboxer/missing/tyrell.asp - parentPage 200 true true : TopLevelWindow@65fdca91 - http://snopes.com/info/whatsne...
2 http://ec2-54-205-99-131.compute-1.amazonaws.com/ad.html?siz... - unknown 200 true - : FrameWindow@15f0501d - javascript:'<!doctype h...
3 http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250&a... - iframe.src 200 true - : FrameWindow@65e95c9f - http://ec2-54-205-99-131.compu...
4 http://www.hukuy.com/index.php - iframe.src 200 true - : FrameWindow@2f984ed - http://ads.yahoo.com/st?ad_typ...
5 http://www.yehuam.com/dist/video.php?l=1 - iframe.src 200 true - : FrameWindow@6596d965 - http://www.hukuy.com/index.php
6 http://y292ty3l8l.oopbn.info/jece1gaim3 - iframe.src 200 true - frmAdResell_32869: FrameWindo... - http://www.yehuam.com/dist/vid...

Sequence Details

Prior Page
http://snopes.com/info/whatsnew.asp
Window Name: : TopLevelWindow@65fdca91
Link xpath: /*[name()='html']/body/div[1]/table[3]/tbody/tr/td/table/tbody/tr/td[2]/div[2]/a[2]
Click on Link:

1

http://www.snopes.com/inboxer/missing/tyrell.asp
Referrer: http://snopes.com/info/whatsnew.asp
Cause: parentPage
Causes via Undetermined Method :

2

http://ec2-54-205-99-131.compute-1.amazonaws.com/ad.html?size=300x250&rand=0.3122009273243108
Referrer: javascript:'<!doctype html><html><head><style>html,body,iframe{width:100%;height:100%;margin:0;padding:0;overflow:hidden;}</style></head><body><iframe src="http://ec2-54-205-99-131.compute-1.amazonaws.com/ad.html?size=300x250&rand=0.3122009273243108" frameBorder=0 scrolling=no marginwidth=0 marginheight=0></iframe></body></html>'
Cause: unknown Path from prior: Not Found
Contains Element :

3

http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250&section=6168143&rand=0.05843389467023441
Referrer: http://ec2-54-205-99-131.compute-1.amazonaws.com/ad.html?size=300x250&rand=0.3122009273243108
Cause: iframe.src Path from prior: /html/body/iframe/@src
Contains Element :

4

http://www.hukuy.com/index.php
Referrer: http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250&section=6168143&rand=0.05843389467023441
Cause: iframe.src Path from prior: /html/body/iframe/@src
Contains Element :

5

http://www.yehuam.com/dist/video.php?l=1
Referrer: http://www.hukuy.com/index.php
Cause: iframe.src Path from prior: /html/body/div[2]/iframe/@src
Contains Element :

6

http://y292ty3l8l.oopbn.info/jece1gaim3
Referrer: http://www.yehuam.com/dist/video.php?l=1
Cause: iframe.src Path from prior: /html/body/iframe/@src